There are three types of depository institutions in the US: commercial banks, savings associations (sometimes called “thrifts,” which specialise in deposit taking and mortgage lending), and credit unions (a cooperative financial institution formed for members of a common group who collectively own the institution, such as a group associated with an employer, business type, or branch of the military). Charters for the different types of institutions (collectively, “banks”) are available for issuance both by individual US states and at the federal level. As a result, the banking system in the US is often referred to as a “dual” banking system. The decision regarding which charter type is the most appropriate and whether to apply for a state or federal charter is often driven by several considerations, including expected product and service offerings, anticipated customer base, the markets in which the bank will operate, examination costs, preference for or familiarity with a particular primary regulator, and the importance of federal law preemption of certain state laws to the bank’s business plans.

Given the variety of charters available and the option of obtaining a state or federal charter, the US regulatory structure governing banks is correspondingly complex. A state-chartered bank is regulated and supervised at the state level by the chartering state’s banking agency (under state laws and regulations) and by a federal bank regulator depending on its insured status and whether it has elected to become a member of the Federal Reserve System. The primary federal bank regulators are:

• the Office of the Comptroller of the Currency (OCC), which charters, regulates, and supervises national banks and federal savings associations;
• the Federal Deposit Insurance Corporation (FDIC), which insures deposit accounts and manages the deposit insurance fund as well as being the primary federal bank regulator and supervisor of state insured banks that do not belong to the Federal Reserve System;
• the Board of Governors of the Federal Reserve System (Federal Reserve Board), which regulates and supervises bank and financial holding companies, foreign banking organisations operating in the US, and all nonbank financial companies designated as systemically important. In addition, this organisation is the primary federal bank regulator and the supervisor of state banks that are members of the Federal Reserve System; and
• the National Credit Union Association (NCUA), which charters, regulates, and supervises national credit unions. It also insures the deposit accounts of national and many state-chartered credit unions.

In addition to these federal agencies, the Consumer Financial Protection Bureau (CFPB) is responsible for implementing and enforcing compliance with federal consumer financial laws by large banks (more than USD10 billion in total consolidated assets) and their affiliates and certain other consumer financial services companies. Depending on their activities, banks and their affiliates also may be subject to supervision and regulation by the Securities and Exchange Commission (SEC), the Commodities Futures Trading Commission (CFTC), and state insurance regulators, as well as other state, federal, or non-US regulators.

Important federal legislation that developed and governs the banking system in the US includes the following:

• The National Banking Act of 1863, as amended in 1864, established a national banking system, authorised national bank charters, and established the OCC.
• The Federal Reserve Act of 1913 established the Federal Reserve System as the central banking system in the US.
• The Banking Act of 1933, also known as the “Glass-Steagall Act”, established the FDIC as a temporary agency (later becoming a permanent agency) and separated commercial banking from investment banking.
• The Bank Holding Company Act of 1956 (BHCA) required the approval of the Federal Reserve Board to establish a bank holding company (BHC).
• The Gramm-Leach-Bliley Act of 1999 repealed Glass-Steagall’s separation of commercial and investment banking, created financial holding companies that are authorised to engage in underwriting and selling insurance and securities and to conduct merchant banking activities, and restricted disclosures of non-public consumer information.
• The Dodd-Frank Wall Street Reform and Consumer Financial Protection Act of 2010 (Dodd-Frank Act) established measures to prevent systemic risks to the US financial system, a framework for the regulation of derivatives, and the CFPB.
• The Economic Growth, Regulatory Relief and Consumer Protection Act of 2018 raised the threshold of coverage of banking organisations subject to enhanced prudential standards under the Dodd-Frank Act.

In addition to these and other federal or state statutes governing bank powers and authorities, banks are subject to the rules of their regulators. Each state and federal bank regulator has implemented its own regulations that set out the licensing requirements, permissible activities and investments, and safety and soundness operating standards applicable to the banks each regulates.

Given the nature of the dual banking system in the US, the specific licensing and application requirements to charter a bank will vary based on the type of bank charter and whether chartered at the state or federal level. The OCC sets out its application and licensing requirements for a national bank in its regulations and a licensing handbook. The process for chartering a national bank is set out below and is generally representative of the process for other bank charter types as well.

General Application Requirements

Organisers of the proposed national bank must apply to, and receive approval from, the OCC before the bank engages in banking business. In reviewing an application, the OCC:

• will ensure that the application is complete and required organisational documents for the bank have been filed, the required capital stock of the bank has been paid-in, and that the bank has at least five, and generally no more than twenty-five, elected directors;
• wll take into account the bank’s plans to meet the credit needs of the communities in which it would operate;
• will consider:
1. whether the organisers are familiar with applicable bank laws and regulations;
2. the experience and competency of the proposed management team and directors;
3. the bank’s business plan and the economic conditions and competitive considerations of the markets in which it plans to operate;
4. the sufficiency of the projected capital needs of the bank given the risks and complexity of its expected activities;
5. the reasonableness of the financial and profitability assumptions used in preparing the pro forma financial statements that accompany the application;
6. the ability of the bank to operate in a safe and sound manner; and
7. any public comments received in connection with the published notice announcing the filing of the application; and
• may consider the risks a proposed insured bank would pose to the deposit insurance fund and any questions regarding the permissibility of its corporate powers.

The application should include a request for the bank to exercise fiduciary powers, if needed. A bank that intends for its deposit accounts to be insured must also file an application for deposit insurance with the FDIC. In addition, a BHC (or a company that would become one because of its proposed ownership interest in the new bank) is required to obtain approval from the Federal Reserve Board before the OCC will grant approval.

The Licensing Process

The bank’s organisers will generally hold a meeting with OCC staff to review the plans for the bank and raise any questions on the licensing process before applying for a charter. The organisers will also designate a person for the OCC to contact with questions during the application process. The OCC provides both a preliminary approval for the organisers to continue their organisational efforts and a final approval that is required before the bank can open for business.

Once preliminary approval has been obtained, the organisers can complete any remaining management hires, continue raising capital, and otherwise prepare for opening the bank, including developing internal risk management and operating systems and adopting a written insiders’ policy addressing code of conduct and conflicts of interest. At least 60-days before the bank’s proposed opening and before final OCC approval may be issued, the bank must notify the OCC that organisational efforts have been completed and request that the OCC conduct a pre-opening examination.

For at least the first three years of its operation, the bank is required to receive a non-objection from the OCC before making any significant change to its business plan. The OCC must also review the bank’s hiring of new executive officers or election of new directors for at least the first two years of the bank’s operations.

Powers and Authorities

The powers and authorities of national banks are set out in legislation (including the National Bank Act) and through the OCC’s regulations and interpretive letters, including requirements for when the bank must file a notice or receive approval from the OCC to engage in a new activity.

State-Chartered Banks

The application and licensing process to charter a state bank is governed by the laws of the chartering state. The powers and authorities of a state bank are governed by state law, with many states having provisions in their banking laws, sometimes referred to as “wild card provisions,” providing the state’s banks with the same powers and authorities as national banks. State banks with a primary federal bank regulator (the Federal Reserve Board or the FDIC) are also subject to federal laws and regulations governing their activities.

Acquisitions of control of an insured bank are subject to the Change in Bank Control Act (CBCA) and the BHCA. Notice to the appropriate federal bank regulator is required to be filed at least 60 days before the acquisition of control unless the transaction is exempt or otherwise subject to an after-the-fact notice requirement. Mergers of insured banks are subject to the provisions of the Bank Merger Act and implementing regulations of the appropriate federal bank regulator.

A person or entity (a “person”) controls a bank under the CBCA if it would, directly or indirectly, have the power to either direct the management or policies of the bank, or vote 25% or more of any class of the bank’s voting securities. A rebuttable presumption of control exists if the person, directly or indirectly, has the power to vote 10% or more of any class of a bank’s voting securities if the securities are subject to registration under the Securities Exchange Act of 1934, or immediately after the transaction, no other shareholder would own or have the power to vote a greater percentage of the class. In determining the level of control that the person exercises, the agencies also consider whether the person is acting, or is deemed to be acting, in concert with others.

A 90 day after-the-fact notice requirement applies in circumstances where control is acquired due to circumstances beyond the person’s control, such as acquiring control through inheritance or a bona fide gift, a redemption of the bank’s voting securities, or by acquisition of the securities in satisfaction of a debt. Some acquisitions of control are exempt from the CBCA notice requirements, including for transactions subject to approval under or transactions described in the BHCA and the Bank Merger Act. BHCA requires approval of the Federal Reserve Board for a BHC to either acquire a subsidiary bank, acquire more than 5% of the voting securities of a bank, or acquire all or substantially all of a bank’s assets by one of its nonbank subsidiaries.

Notice of a filing is required to be published in a newspaper in the community where the bank is located. The agencies evaluate several factors in reviewing the notice, including any public comments on the transaction and whether the acquisition will result in a monopoly or substantially lessen competition or threaten the financial stability of the bank, is not in the interest of depositors or the public, or would result in adverse impacts to the deposit insurance fund.

Unless otherwise provided by the agency, a person deemed to have control due to ownership of more than 10% but less than 25% of the bank’s voting securities would be required to file another notice if their ownership interests later increase to 25% or more, but subsequent increases in ownership beyond that point would not be subject to additional filing requirements under the CBCA.

The review period is generally 60 days, but it may be extended. The agencies also may impose conditions on an acquiror, such as not materially changing the bank’s business or committing to providing capital and liquidity support to the bank. In the event of an adverse decision, the person may appeal the decision. If the agency has not acted on the notice before expiration of the waiting period, the person may proceed with the transaction.

State-Chartered Banks

If the target bank is a state bank, the appropriate federal bank regulator provides a copy of the CBCA filing to the chartering state agency. The laws of the applicable chartering state should also be considered for potential state change in control filing requirements.

Federal bank regulators have established standards for the safe and sound operation of a bank. Banks are expected to have internal operational and management systems and capabilities that are appropriate for the bank’s size, complexity, and risk profile, including for internal controls and information systems; audit systems; loan documentation practices; credit underwriting practices; interest rate exposure; asset growth practices; asset quality practices; and earnings practices. The agencies have also set standards for information security practices and, as discussed in 4.3 Remuneration Requirements, to prevent excessive compensation practices.

The OCC has also established guidelines for risk management for insured national banks with at least USD50 billion of total consolidated assets. The guidelines set heightened standards for the establishment of:

• Framework for the management of risk;
• Roles and responsibilities of risk-creating units at the bank, independent risk management, and audit;
• Strategic plans, risk appetites, and concentration limits; and
• Talent and compensation management programmes.

The guidelines also set standards for the role of the bank’s board of directors with respect to risk management.

At the BHC level, the Federal Reserve Board requires each BHC with at least USD50 billion or more of total consolidated assets to have a global risk management framework establishing policies and procedures for the management of risk at the firm and processes and systems for implementing and monitoring compliance with risk management policies and procedures.

State-Chartered Banks

State banks would be subject to any corporate governance requirements established by applicable state laws and regulations, and, if subject to regulation by a federal bank regulator, the requirements of the primary federal bank regulator.

As part of the licensing process for a national bank charter, the OCC will evaluate the qualifications of the organisers, directors, and executive officers and consider their familiarity with the laws and regulations that govern a bank as well as experience with the expected business activities of the bank. The OCC must also review the hiring of new senior executive officers or election of new directors for at least the first two years of the bank’s operations. Thereafter, the bank must provide the OCC with at least 90 days advance notice in the event of additions or changes to its board of directors and senior executive officers (or adding a new senior executive officer role to the responsibilities of an existing senior executive officer) if the bank is not in compliance with its minimum capital requirements, has been notified in writing by the OCC of a requirement that it do so, or has been determined to be in troubled condition.

Any required notice must include biographical and financial information, employment and compensation arrangements, fingerprint checks, tax check waivers, and consent from the person to a background check. The OCC may disapprove of any member of the board or new senior executive officer (or change in their role) given the OCC’s evaluation of the person’s character, competency, integrity, or experience. Management officials of banks are also generally prohibited from serving as a management official of an unaffiliated bank if the management interlock would likely have an anticompetitive effect.

Residency and Citizenship Requirements for National Bank Directors

Unless a waiver is requested by the bank and granted by the OCC, directors of national banks must be citizens of the US. Waivers of this requirement are discretionary but may not be for more than a minority of the total number of directors on the board. In connection with a citizenship waiver request, the bank must submit biographical, financial, and other information on the director.

A majority of directors must also be a resident of the state where the bank is located or within 100 miles of the location of the bank’s designated main office for at least one year prior to their election and during their term of service. The OCC may waive this requirement in its discretion and with no limit on the number of waivers granted.

Roles and Responsibilities of National Bank Directors and Senior Management

The board of a national bank is accountable for the oversight of the bank’s management, provision of leadership to the bank, and establishment of the bank’s values. The board is also responsible for creating a risk governance framework for the bank and setting the bank’s strategic direction and its appetite for risk.

While the board is responsible for strategic direction and oversight, senior management is responsible for day-to-day bank operations. The board should hold management accountable for accomplishing the bank’s strategic objectives while operating within an approved risk appetite framework. The board carries out its responsibilities by exercising informed and independent judgment and providing a credible challenge to management’s decisions and recommendations.

In addition to having a variety of skills and expertise appropriate for the bank’s activities, the board should include an appropriate mix of executive directors and those who are independent of any familial or business relationships with the bank or its management. The OCC’s heightened standards for banks with total consolidated assets of at least USD50 billion require that at least two members of the board meet designated independence standards.

Expectations for Bank Holding Company Directors and Senior Management

The Federal Reserve Board has also established key attributes for an effective board of directors that are applicable to a BHC with total consolidated assets of at least USD100 billion. Boards are expected to set clear direction for strategy and risk appetite; direct management on the board’s information needs; oversee and hold management accountable; support the independence and stature of independent risk management and audit functions; and maintain a capable board compensation and governance structure.

Regulations of the Federal Reserve Board also require each BHC with at least USD50 billion of total consolidated assets to have a risk committee of its board that is responsible for approving and periodically reviewing the firm’s risk management policies and overseeing the operation of a global risk management framework. The committee must have at least one member with experience in identifying, assessing, and managing risk exposures at large, complex financial firms and be chaired by a director who meets defined independence standards. In addition, the risk committee of a BHC with at least USD100 billion of total consolidated assets must also review and approve a contingency funding plan for the BHC and any material revisions to the plan.

A BHC with at least USD50 billion of total consolidated assets must also have a Chief Risk Officer (CRO) who has experience in identifying, assessing, and managing risk exposures at large, complex financial firms. The CRO is responsible for: overseeing the firm’s establishment and monitoring of enterprise risk limits; implementation and compliance with risk management policies and procedures; and management, monitoring, and testing of controls. The CRO is required to report directly to both the board’s risk committee and to the chief executive officer. The CRO’s compensation must be consistent with its role of providing an objective assessment of risks taken by the BHC.

In 2018, the Federal Reserve Board issued proposed supervisory guidance for effective risk management by senior management, management of business lines, and independent risk management, but the proposal has not been finalised.

State-Chartered Banks

State banks would be subject to any director or senior management registration and oversight requirements established by applicable state laws and regulations.

As part of the safety and soundness standards established by the federal bank regulators, federally regulated banks are required to implement safeguards to prevent excessive compensation, fees, and benefits to officers, employees, directors, or principal shareholders that could lead to material losses. Compensation is considered excessive, and is prohibited as an unsafe and unsound practice, if the amounts are unreasonable or disproportionate to the services performed. When determining compensation, banks should evaluate:

• aggregate compensation paid (both cash and non-cash benefits);
• compensation history in comparison to payment to others with comparable expertise;
• financial condition of the bank;
• comparable compensation practices at peer banks;
• projected total costs of benefits; and
• any connections between the individual and fraudulent acts or insider abuse.

In addition, federal bank regulators have issued guidance to assist banks in developing sound incentive compensation practices. Banks are expected to regularly review their compensation arrangements with senior executives and others responsible for oversight of organisation-wide activities or material business lines and employees who individually, or as part of group, can expose the organisation to material amounts of risk. Compensation arrangements that are tied to achievement of specific metrics should balance risk and reward appropriately, be compatible with effective controls and risk-management, and support strong corporate governance.

State-Chartered Banks

State banks would also be subject to any compensation restrictions or limitations established by applicable state laws and regulations.

Financial institutions are responsible for performing several key functions to combat money laundering and terrorist financing in the US financial system.

Customer Identification and Verification

Every bank must adopt a Customer Identification Program (CIP) with written procedures for opening an account. The CIP must specify the identifying information that will be obtained from each customer and include risk-based procedures for verifying the customer’s identity. It must also include procedures for responding to circumstances in which the bank cannot form a reasonable belief that it knows the true identity of a customer.

Banks must also request beneficial ownership information from all legal entity customers and apply identification and verification protocols to the individual beneficial owners.

Sanctions Controls

Before opening an account, banks must screen customers and related parties, as necessary, against the lists of sanctioned persons/entities maintained by the Office of Foreign Assets Control (OFAC), a division of the US Department of the Treasury responsible for administering economic and trade sanctions.

Customer Due Diligence

Banks must establish effective, risk-based customer due diligence (CDD) systems and monitoring programs to detect potential illicit financial activity. To accomplish this, they must develop customer risk profiles that can then be used as a baseline against which customer activity can be assessed for possible suspicious activity. The CDD programme must include procedures governing "enhanced” customer due diligence, ie, the application of heightened standards for collection and verification of customer information based on known customer risk factors, and ongoing monitoring of customers with higher risk profiles. It must also include procedures for filing Currency Transaction Reports, filing Suspicious Activity Reports, and reporting other necessary information as required. See 7.1 Bank Secrecy Requirements for additional information.

Recordkeeping and Retention

Banks must document all identity verification methods, any documents relied on during customer verification, and the resolution of any discrepancies that arose during the identification or verification process for each customer. Banks must securely maintain records, including identifying information and descriptions, for the applicable mandatory retention period.

The FDIC insures deposit products at each insured state or federally chartered bank (other than deposit accounts at an insured credit union, which are insured by the NCUA) up to the applicable insurance coverage limit. Coverage for FDIC insurance is not limited to US citizens and residents and applies automatically when any person opens a deposit account at an insured bank.

Examples of deposit products covered by FDIC Insurance are as follows:

• Checking accounts, negotiable order of withdrawal accounts, and savings accounts.
• Money Market Deposit Accounts.
• Certificates of Deposit.
• Cashier’s checks and money orders.

Examples of financial products not covered by FDIC Insurance are as follows:

• Stocks, bonds, mutual fund investments, and municipal securities.
• Life insurance policies.
• Annuities.
• US Treasury bills, bonds, or notes.
• Cryptocurrency assets.

Coverage for Deposits with Foreign Banks or that are Payable outside of the US

Deposits at an FDIC-insured branch of a foreign bank that are contractually payable in the US are insurable, unless it is a deposit to the credit of the foreign bank or any of its offices, branches, agencies, or any wholly owned subsidiary.

Deposits payable solely at an office of an insured bank located outside of the US are not considered deposits for FDIC eligibility insurance purposes.

Limits of Coverage

The standard FDIC insurance amount is USD250,000 per depositor at the bank and for each account ownership category (noted below) held at the bank. All accounts held by the depositor at the bank in the same account category are added together and insured up to the USD250,000 limit for each account category. Deposit account categories include:

• single accounts;
• joint accounts;
• designated retirement accounts like IRAs;
• revocable trust accounts;
• corporation, partnership, and unincorporated association accounts;
• irrevocable trust accounts;
• employee benefit plan accounts; and
• government accounts.

Treatment of Fiduciary Accounts

For funds deposited by a fiduciary on behalf of an owner to be insured as deposits of the funds’ owner, the bank’s deposit account records must reflect the fiduciary nature of the account. The name of each owner and ownership interest must also be ascertainable from the records of either the bank or the fiduciary. In the event of the bank’s failure, the FDIC will aggregate an owner’s funds deposited by the fiduciary along with other deposits of the owner in the same ownership category at the bank for purposes of determining the aggregate amount of insured deposits.

What Happens to Insured Deposits When the Bank Fails

When an insured bank fails, the FDIC may find another bank that is willing to assume its deposits. In this case, the insured depositors of the failed bank become depositors of the assuming bank. To the extent a depositor otherwise already has deposit accounts at the assuming bank, the new deposits are separately insured for a temporary period to allow the depositor time to move or otherwise restructure how or where their deposits are held.

If a bank cannot be found to assume the deposits, the FDIC closes the institution and pays depositors their applicable deposit insurance amount. The FDIC also acts as the receiver of the failed institution by collecting and selling the institution’s assets to settle its debts, which include claims by depositors for deposit amounts that exceeded the insurance limit.

Funding Deposit Insurance

The FDIC’s deposit insurance fund is funded through assessments on insured banks and interest earned on these assessments through investments in US government obligations. Insured banks are assessed by multiplying the bank’s assessment rate by its assessment base. The assessment rate for each bank takes into account financial and risk-based measures. A bank’s assessment base is its average consolidated total assets minus its average tangible equity.

The Bank Secrecy Act (BSA) is a reference to a series of laws and regulations requiring financial institutions to establish programmes, maintain records, and provide reporting to assist US government agencies in detecting and preventing money laundering and the financing of terrorism. The BSA requires banks to undertake ongoing customer monitoring and establish procedures for:

• keeping records of cash purchases of negotiable instruments;
• filing reports for certain cash transactions; and
• filing reports for any transaction activity or patterns that may indicate money laundering, tax evasion, or other illicit financial activity.

Banks are required to have a board approved BSA/anti-money laundering programme that provides for internal controls and independent testing, the designation of a responsible officer for coordinating and monitoring compliance, and for training of employees. Banks are also required to adopt a Customer Identification Program (CIP) and establish, with reasonable certainty, the true identity of each customer – or, for legal entity customers, the identities of its beneficial owners – before beginning a banking relationship.

Beneficial Ownership Reporting

Under the Corporate Transparency Act (CTA), a subdivision of the Anti-Money Laundering Act of 2020, entities organised under US law and any entity registered to do business in the US will be required to self-report the identities of all of its beneficial owners to the Financial Crimes Enforcement Network (FinCEN). Once beneficial ownership information is reported to FinCEN, the agency will be responsible for maintaining a non-public national beneficial ownership registry accessible to law enforcement agencies and financial institutions upon request.

Suspicious Activity Reporting

Banks are required to report suspicious activity (a suspicious activity report, or SAR) upon detection of facts or circumstances indicative of potential money laundering, check fraud, cybersecurity breaches, wire transfer fraud, mortgage and consumer loan fraud, embezzlement, official corruption or self-dealing, identity theft, terrorist financing, or other BSA violations. The SAR should provide sufficient detail to outline who conducted the activity, the nature of the activity and how it was conducted, when and where the activity took place, and why the activity was deemed suspicious. The SAR must be filed within 30-days of detecting the suspicious activity, though a filing may be delayed for an additional 30-days to identify a suspect.

SARs are subject to strict confidentiality requirements preventing disclosure of the fact that a SAR is being prepared or has been filed or any information related to the SAR. If a bank is subpoenaed or otherwise directed to disclose the SAR or information within it, banks are required to decline to do so and to notify their regulator. Copies of filed SARs are required to be maintained subject to required retention periods.

Unauthorised disclosure of SARs can result in both civil and monetary penalties.

Currency Transaction Reports

Banks are also required to report a person’s currency transactions that exceed USD10,000 in a single day, whether through one or a series of transactions. A currency transaction report (CTR) must be filed regardless of the reasons for the transaction. Transactions cannot be broken into smaller amounts for the purpose of avoiding reporting requirements. This activity (referred to as “structuring”) constitutes suspicious activity that must be reported.

The CTR requirement is triggered every time a person exceeds the single-daily threshold unless the person is exempt. Exempt persons include banks, government agencies, and certain commercial customers for certain types of transactions.

Violations of BSA reporting requirements can result in both civil and monetary penalties of up to USD100,000 or USD250,000, respectively, and imprisonment.

The Basel Committee on Banking Supervision (BCBS) develops prudential regulatory, supervision, and risk management standards to enhance the stability of the global financial system. In 2010, the BCBS announced a framework known as Basel III that was designed to increase the level and quality of capital that banks are required to maintain, limit leverage at banks, improve liquidity risk management practices, and limit procyclicality. The US serves as a participating BCBS member. In 2013, US federal bank regulators adopted capital, liquidity, and leverage requirements for banks and their holding companies (collectively, “banking organisations”) that are considered generally consistent with the BCBS Basel III framework.

The regulators have continued to adjust the US Basel III requirements since that time, including implementing tailoring approaches to apply the most stringent requirements to subsets of the largest banking organisations (those with USD100 billion or more of total consolidated assets). In addition, US banking regulators have announced their intention to propose new rules that would implement changes to the US. Basel III rules to align them with the 2017 BCBS Basel III reforms. See 10.1 Regulatory Developments.

Regulatory Capital Minimums

The US Basel III rules set out the elements of regulatory capital for banking organisations and two methodologies for measuring the organisation’s risk-weighted assets (RWAs): a standardised approach using supervisory developed models for risk weighting, and an advanced approach for large, internationally active banking organisations using the organisation’s internal models. Capital ratios are calculated by dividing the organisation’s regulatory capital by its total RWAs. Minimum regulatory capital ratios are required for Common Equity Tier 1 (CET1) Capital (4.5%), Tier 1 Capital (6.0%), and Total Capital (8.0%). Under US Basel III, institutions using the advanced approaches are required to calculate each ratio under both the standardised and advanced approaches and then use the more binding output calculation of the two. In addition, banking organisations are required to maintain a 4.0% minimum leverage ratio of Tier 1 Capital to average total assets.

To avoid limitations and restrictions on capital distributions and certain discretionary bonus payments, banking organisations must also maintain an additional 2.5% CET1 capital conservation buffer on top of the minimum 4.5% CET1 requirement.

Some smaller banking organisations (those with less than USD10 billion of total consolidated assets and that meet other qualifying conditions) may elect to use a simplified method for calculating their regulatory capital ratio. Organisations using the community bank leverage ratio framework are not required to calculate and report RWAs but instead must have a leverage ratio of more than 9.0%. Provided the organisation’s leverage ratio remains above 9.0% and the organisation remains qualified for use of this framework, the bank will be considered compliant with regulatory capital minimums and the capital conservation buffer.

Additional Requirements for Large Banking Organisations

The largest banking organisations are subject to additional buffers, surcharges, and requirements. The banking regulators divide these organisation into one of four categories:

• Category I: only US BHCs that have been designated as global systemically important banks (GSIBs).
• Category II: banking organisations that are not US GSIBs but that have either USD700 billion or more of total consolidated assets, or USD100 billion or more of total consolidated assets and USD75 billion or more in cross-jurisdictional activity.
• Category III: banking organisations that are not Category I or II having USD250 billion or more of total consolidated assets, or USD100 billion or more of total consolidated assets and USD75 billion or more of certain risk indicators (short term wholesale funding, nonbank assets, or off-balance sheet exposures).
• Category IV: banking organisations that are not Category I, II, or III and have USD100 billion or more of total consolidated assets.

Stress capital buffers (SCB)

Large banking organisations that are BHCs are subject to annual assessment by the Federal Reserve Board of the effectiveness of the firm’s capital planning processes and of the sufficiency of its regulatory capital both to absorb losses during adverse economic conditions and to allow the organisation to continue meeting its obligations and serving its customers.

The Federal Reserve Board incorporates the results of required stress testing into the regulatory capital requirements of covered BHCs by replacing the capital conservation buffer with the SCB. The size of each firm’s SCB is assessed annually based on the impact to its CET1 from application of the stress testing, with a floor for the buffer of at least 2.5%.

Countercyclical capital buffer

Category I, II, and III firms would be subject to a countercyclical capital buffer if imposed. This buffer is discretionary.

Surcharges on GSIBs

The Federal Reserve Board applies a capital surcharge to US GSIBs. The amount of a US GSIB’s surcharge, which must be at least a 1.0% add-on to its CET1 requirements, is re-assessed annually and based on evaluation of the GSIBs systemic importance during the prior year.

As noted in the Insolvency, Recovery, and Resolution discussion in 9.1 Legal and Regulatory Framework, US GSIBs are also required to maintain minimum amounts of additional regulatory capital and long-term debt to absorb losses and facilitate their orderly resolution.

Supplementary leverage ratio

Category I, II, and III organisations are subject to a minimum supplementary leverage ratio (SLR) of 3.0%. The SLR is calculated by dividing Tier 1 Capital by total leverage exposure. A Category I organisation (a GSIB) is also subject to an enhanced SLR requirement that imposes a 2.0% leverage buffer above the minimum 3.0% SLR, for a total effective minimum SLR of 5% for these organisations.

Liquidity requirements

Large banking organisations are subject to liquidity risk management and net stable funding rules. The liquidity risk management rules establish a minimum liquidity coverage ratio (LCR) requiring Category I and II organisations to hold high-quality liquid assets in an amount equal to or greater than the institution’s projected net cash outflows during a 30-day stress period. Category III and IV organisations are subject to the LCR on a reduced basis. The LCR would also apply to the insured bank subsidiary of a Category I, II, III, and IV holding company if the bank has USD10 billion or more of total consolidated assets. The rule also establishes enhanced liquidity risk management testing requirements and standards.

In addition, Category I and II organisations are required to maintain a minimum net stable funding ratio (NSFR) of its available stable funding to its required stable funding of at least 100%. Category III and IV organisations are subject to the NSFR on a reduced basis. The NSFR would also apply to an insured bank subsidiary of a Category I, II, III, and IV holding company if the bank has USD10 billion or more of total consolidated assets.

Prompt Corrective Action

Insured banks are subject to prompt corrective action (PCA) regulations that impose limitations on their activities for failing to meet identified regulatory capital minimums. The PCA framework assigns banks to one of five categories that measure the institution against risk-based capital and leverage ratios: well capitalised; adequately capitalised; undercapitalised; significantly undercapitalised; and critically undercapitalised. To be considered well capitalised, a bank must have a minimum CET1 ratio of at least 6.5%, a Tier 1 Capital ratio of at least 8%, a Total Capital ratio of at least 10%, and Tier 1 Leverage ratio of at least 5.0%. If the bank is a subsidiary of a BHC with more than USD700 billion in total consolidated assets, a SLR of 6.0% is also required for the bank to be considered well capitalised. As a bank falls into lower capital categories, the PCA framework imposes increasingly severe restrictions and limitations on its activities and triggers supervisory response measures and directives.

State-Chartered Banks

In addition to applicable federal requirements that may be imposed on an insured state bank or state bank that is a member of the Federal Reserve System by the FDIC or Federal Reserve Board, a state bank may also be subject to regulatory capital and liquidity requirements imposed by applicable state laws and regulations.

The FDIC acts as the receiver or liquidator of failed banks. The determination of whether to close a bank is usually made by the bank’s chartering national or state agency, and the FDIC will then generally be appointed as the receiver of the bank. The FDIC acts to protect the interest of depositors and to preserve and maximise the assets of the bank.

The FDIC’s options to resolve a failed bank include:

• Purchase and assumption transactions: The FDIC markets and receives bids for the failed bank’s assets and liabilities. A healthy bank assumes the insured deposits of the failed bank and may also purchase other assets. This is the most common resolution method.
• Deposit payoffs: The FDIC pays the failed bank’s insured depositors up to the maximum insured amount.

Any remaining assets of the bank would then be liquidated and made available to satisfy the claims of the bank’s creditors (including uninsured depositors) according to their relative priority in payment. Uninsured depositors are paid ahead of the bank’s general creditors, with remaining amounts, if any, then paid to the bank’s stockholders.

Although the use of the US bankruptcy code remains the preferred method of resolution for holding companies, the FDIC also has the authority to resolve large, complex holding companies. The FDIC may exercise this authority (its orderly liquidation authority, or OLA) with the agreement of a two-thirds majority of its board and of the board of the Federal Reserve Board as well as the agreement of the Treasury Secretary, in consultation with the President. The FDIC is authorised to borrow money from the US Treasury to fund the resolution. To the extent these funds are not recovered during the resolution process, the FDIC will assess any deficit on other large, complex financial institutions.

To help ensure a credible plan is in place for their orderly resolution, BHCs with total consolidated assets of USD250 billion or more are periodically required to submit resolution plans (also referred to as “living wills”) to the Federal Reserve Board, the FDIC, and the Financial Stability Oversight Council. The Federal Reserve is also authorised to apply living will requirements, and other prudential requirements, to a BHC with less than USD250 billion, but more than USD100 billion, of total consolidated assets if the Federal Reserve Board determines that application of the requirement is appropriate to address or mitigate risk to financial stability.

The Federal Reserve Board and FDIC are required to review the credibility of each BHC’s plan and may make, jointly, a determination that the plan is not credible. The failure of the firm to address identified deficiencies in its plan may result in the firm being subject to more stringent capital, leverage, or liquidity requirements or to limits on its growth, activities, or operations. If the BHC is ultimately unable to address deficiencies in its resolution plan, the agencies may require the BHC to divest assets or operations.

For US GSIBs, the principal resolution strategy is a single-point-of-entry (SPOE) approach, where the FDIC is appointed as the receiver of the holding company and subsidiaries of the holding company continue to operate. The FDIC would transfer assets and some liabilities to a bridge company capitalised by pre-arranged debt that converts into equity. To enhance the effectiveness of the resolution strategy, the Federal Reserve Board requires each GSIB to maintain a minimum amount of total-loss absorbing capacity (TLAC) made up of a minimum amount of long-term debt and Tier 1 Capital. A GSIB is also required to maintain a buffer above the minimum TLAC amount to avoid limitations on its ability to make capital distributions and certain discretionary bonus payments.

While transformational change to the regulatory framework governing banks in the US has generally occurred on timeframes measured by decades, additions to the framework and refinements to its existing components are ongoing regulatory developments.

Areas of regulatory focus in the near-term are expected to include:

• the CFPB’s efforts to curtail some fees and charges imposed by banks and to address discriminatory practices across product and service offerings and in decision-making processes;
• proposed rulemaking efforts to implement the 2017 Basel III reforms;
• heightened scrutiny of potential anti-competitive effects of proposed bank mergers;
• establishment of a regulatory framework to govern crypto assets and related product and service offerings;
• amendments to update core banking regulations; and
• the potential for federal privacy legislation or rulemaking.

CFPB Supervisory and Enforcement Priorities: Bank Fees and Charges, Buy Now – Pay Later Products, and Discriminatory Practices

The CFPB is expected to continue its work focusing on fees and charges for consumer financial products, consumer protections for buy now - pay later loans, and discrimination in the provision or offering of consumer financial products and services. While the CFPB focuses on these and other areas, it faces increasing constitutional challenges to its foundational authority such as the following:

• Fees and Charges. The CFPB has focused its attention on what it characterises as “junk fees” by seeking public comment on bank practices with respect to certain bank account, credit card, and other financial product fees and charges, such as late payment fees and non-sufficient funds fees. With respect to credit card late payment fees, the CFPB issued an advanced notice of proposed rulemaking requesting information to understand how late payment charges are set and related to actual costs and whether these fees play a role in meeting revenue or profitability goals for card issuers. These studies and advance rulemaking proposals are expected to result in future CFPB rulemaking, industry guidance, and supervisory and enforcement actions focused on fees and charges.
• Buy Now - Pay Later. The CFPB has initiated a study around the sharp growth in buy now - pay later lending during the COVID-19 pandemic. The study looks to focus on the inconsistent consumer protections applied to these lending products as well as data aggregation practices of buy now - pay later lenders. The study may lead to CFPB interpretive guidance or rulemaking that results in consumer protections for these products that are similar to those required for credit card lending and that may place limitations on the industry’s data surveillance practices.
• Discriminatory Practices. In 2022, the CFPB updated its examination manual for unfair, deceptive or abusive acts or practices (UDAAP) to provide direction to examiners in evaluating discriminatory practices as potential unfair practices prohibited by the Dodd-Frank Act. The updated manual directs CFPB examiners to evaluate whether the institution has internal processes to prevent discrimination in its offering or provision of consumer financial products or services and whether the institution reviews, tests, and monitors its decision-making processes for discrimination.

The CFPB’s assertion through release of the manual that discriminatory practices may be UDAAP violations under the Dodd-Frank Act resulted in a legal challenge by several trade associations. The trade associations argued, among other things, that the UDAAP prohibitions, unlike other statutory authorities the CFPB enforces addressing credit offerings and products, are not directed at discriminatory practices. As a result, the trade associations argued that the CFPB had exceeded its statutory authority. The trade associations also argued the examination manual should be set aside as the CFPB had failed to follow administrative procedural requirements by issuing the manual without first seeking public review and comment and had acted arbitrarily and capriciously. In addition, the lawsuit alleged that the funding structure for the CFPB under the Dodd-Frank Act violated the US Constitution.

With respect to the constitutionality of the CFPB’s funding structure and in a separate lawsuit focused on the CFPB’s 2017 payday lending rule, a federal appellate court held that the funding structure violates the US Constitution’s Appropriations Clause and vacated the payday lending rule. A final resolution of the constitutional challenges to the CFPB’s structure will, depending on the ultimate outcome, have implications beyond any one specific CFPB rulemaking or supervisory action that is the subject of the legal proceeding. In the interim, however, the existence of these proceedings should not be expected to impact the CFPB’s pursuit of its supervisory priorities and enforcement efforts.

Implementation of Basel III Reforms

In 2017, the BCBS announced reforms to Basel III. The announced reforms would include changes to: the risk sensitivity under the standardised approach for credit and operational risk; include restrictions on the use of models under the advanced approaches; add a leverage ratio for GSIBs; and create an output floor on regulatory capital benefits for firm’s using the advanced approaches.

Efforts for BCBS member nations to implement the Basel III reforms have been delayed due to the COVID-19 pandemic, and the BCBS extended the expected implementation deadline to 1 January 2023. In the fall of 2022, US banking regulators announced their intention to revise the US Basel III rules for alignment with the 2017 BCBS Basel III reforms. Proposed rules could be issued in 2023.

Bank Merger Reviews

A 2021 executive order from President Biden directed federal banking agencies to assess their current practices for reviewing bank merger applications to ensure consumers have choices among financial services providers and to protect against excessive market consolidation. In response, the FDIC issued a public request for information and comment on the effectiveness of its framework for reviewing proposed merger transactions involving one or more insured banks. The request included an invitation for public comment in several areas, including any needed enhancements to address the impact of proposed transactions on financial stability, the adequacy of current review practices in assessing the impact of transactions on the convenience and needs of local communities, and the extent to which the CFPB should be consulted by the FDIC during reviews. The Acting Comptroller of the Currency has directed OCC staff to work with other agencies to evaluate the OCC’s bank merger review practices.

Formal changes to the merger review process remain pending while the agencies evaluate their reviews. Longer review periods for applications, particularly for larger banking organisations, are expected pending formal agency response to the executive order.

Regulation of Crypto-assets and Related Products and Services

Efforts continue in the US to design an appropriate regulatory structure to govern crypto-assets and their related risks. Movement may be seen through existing or future legislative proposals or through recommendations made by various government agencies in response to a 2022 Presidential executive order on the policy objectives of the US with respect to digital assets.

Federal bank regulators have remained cautious in considering the role that banks can and should play with respect to the desire of customers for crypto-related banking products and services. Each regulator has issued supervisory letters or interpretations highlighting the risks of crypto-related activities to banks. Both the Federal Reserve Board and the OCC require their supervised banks to provide regulatory notification before engaging in any crypto-related activities and to demonstrate that the bank has risk management systems and controls capable of allowing the bank to conduct the activity in a safe and sound manner. Additional guidance from the federal bank regulators is expected.

Updating Key Federal Reserve Board Regulations

Banking organisations regulated by the Federal Reserve Board have been expecting the Federal Reserve Board to issue proposed rules updating several of the Federal Reserve Board’s long-standing regulations. The updates could include amendments to the Federal Reserve Board’s regulations that: govern the international operations of US banking organisations and US operations of foreign banking organisations (Regulation K); impose restrictions and requirements for loans to executive officers, directors, and principal shareholders (Regulation O); restrict and limit transactions between banks and their affiliates (Regulation W); and set requirements governing bank and financial holding companies and changes in bank control (Regulation Y).

Potential for Federal Privacy Protections

Although privacy protection legislation has been implemented by some states, comprehensive legislation is absent at the federal level in the US Introduced proposed legislation with preliminary bipartisan support in Congress, the American Data Privacy and Protection Act, would seek to fill that gap, although whether it ultimately passes Congress remains uncertain. In addition to potential future legislation, the Federal Trade Commission (FTC) is evaluating its own potential rulemaking to address commercial surveillance and data security practices. The FTC has issued an advanced notice of proposed rulemaking designed to explore how surveillance practices may harm consumers and children, how the costs and benefits of these practices should be balanced, how harmful practices should regulated, and the effectiveness of consumer consent and disclosure practices.

The most recent regulatory developments in the United States addressing environmental, social, and governance (ESG) issues have been those addressing climate-related risks. In March 2022, the Securities and Exchange Commission (the SEC) issued a proposed rule that would require registrants to include climate-related disclosures in their registration statements and periodic reports and to disclose the registrant’s greenhouse gas emissions. Two banking regulators, the OCC and the FDIC, have also released for public comment draft principles addressing efforts by large banks (those with more than USD100 billion of total consolidated assets) to identify and manage climate-related risks. The Federal Reserve Board has also announced plans for a 2023 pilot climate scenario analysis exercise aimed at the understanding and management of climate-related financial risks.

The OCC’s draft principles, released in December 2021, address:

• governance roles of board of directors and management in managing climate-related risks;
• the need to reflect unique characteristics of climate risk into policies, procedures, and limits;
• the incorporation of climate-related risks into business strategy, risk appetite, and financial, capital, and operational planning;
• the development and integration of processes to identify, measure, monitor, and control climate-related financial risk exposures into the bank’s existing risk management framework;
• the incorporation of climate related financial risk information into data aggregation, risk measurement, and reporting; and
• the development of scenario analysis to assess the potential impact on the bank of changes in economic conditions and the financial system from climate-related risks.

The principles also discussed the need for banks to address the impact of climate-related risks on various existing risk-types, including credit risk, liquidity risk, financial risk, operational risk, legal and compliance risk, and other non-financial risks like strategic and reputational risk. The OCC indicated it planned to issue subsequent guidance that would further elaborate on the principles and address any feedback received from the draft principles generally. The FDIC released an equivalent set of draft principles on 30 March 2022.

In response to the OCC’s and FDIC’s release of the draft principles and the SEC’s proposed climate-related public disclosure rule, the American Bankers Association and the bankers’ associations of every US state and of Puerto Rico issued a letter on 23 June 2022 to Federal financial regulators regarding ESG regulatory policy initiatives. The letter reflected the associations’ position that banks should not be used to effectuate environmental or social policy goals, that regulatory efforts should not seek to reallocate capital or carry-out goals unrelated to safety and soundness, and that banks should be free to lend or not lend, subject to fair lending and anti-discrimination laws, as each individual bank may determine.

In September 2022, the Federal Reserve Board announced plans for a pilot climate scenario analysis exercise involving six large banks. The pilot’s announced purpose was to enhance the ability of both banks and supervisors to measure and manage the financial risks of climate change. The pilot exercise is expected to launch in 2023 and be completed later in the year. The Federal Reserve Board expects to publish results and lessons learned from the exercise at an aggregate, not individual bank, level and has indicated that the pilot exercise will not have capital consequences for the six participating banks.